Re: [ActiveDir] Rights Required to Rename Computer Objects

[Paul Williams]

Write all properties is overkill!  Joe'll go wild when he sees that that is written in the MSFT delegation guide...   :P   I believe you require:   WRITE_PROP for name and cn     Summarised, you're modify the RDN.     --Paul ----- Original Message ----- From: O'Brien, Cathy To: ActiveDir@mail.activedir.org Sent: Wednesday, July 19, 2006 8:15 PM Subject: RE: [ActiveDir] Rights Required to Rename Computer Objects That's what Microsoft recommends... from the whitepaper Best Practices for Delegating Active Directory Administration, Appendix A:   Rename a computer account WP [Write Property] on the computer object to modify all attributes NOTE: User performing operation must be a Local Administrator on the computer being renamed From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS) Sent: Wednesday, July 19, 2006 7:33 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Rights Required to Rename Computer Objects I posted about this a week or so ago and I didn’t see a response, but can anyone tell me what specific rights are needed to allow someone to rename a computer attached to an AD domain? Read and Write all Properties works but that’s a bit excessive I think.   Thanks,   Justin Clay ITS Enterprise Services Metropolitan Government of Nashville and Davidson County Howard School Building Phone: (615) 880-2573   ITS ENTERPRISE SERVICES EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.